Qualys REST messages

Release version: Zurich

Updated July 31, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Qualys REST Messages

Qualys REST messages facilitate the retrieval of compliance data from Qualys. These messages are essential for ServiceNow customers to integrate compliance information seamlessly into their systems.

Show full answer Show less

Key Features

Qualys PC Policies REST Message: Retrieves policy data. Key parameters include:
- action: Required; defines the operation type.
- details: Optional; specifies the level of detail.
Qualys PC Controls REST Message: Fetches compliance controls information. Similar parameters as the Policies message.
Qualys PC Policies Detail REST Message: Provides complete policy details, including optional parameters:
- showusercontrols: Include user-defined controls if set to 1.
- showappendix: Include appendix section if set to 1.
Qualys PC Results REST Message: Retrieves compliance posture records with parameters like:
- showextendedevidence: Show extended evidence if set to 1.
- causeoffailure: Return the cause of failure if set to 1.
- policyid: Required for showing records for a specific policy.
- showremediationinfo: Include remediation information if set to 1.
Qualys PCRS Policy Host Integration: Retrieves host data for compliance evaluation using a specific policy ID.
Qualys PCRS Test Results Integration: Controls evidence retrieval and data compression with parameters that can affect performance.

Key Outcomes

Utilizing these REST messages helps ServiceNow customers effectively manage compliance data, ensuring they can retrieve, evaluate, and integrate relevant information into their workflows. This integration aids in maintaining compliance posture and enhancing overall operational efficiency.

Qualys REST messages are used to make calls to the Qualys API to fetch the compliance data.

The following rest messages are shipped with the base system.

Qualys PC Policies REST message

The Qualys PC Policies REST message retrieves policy data from Qualys. The changes to the REST message method record impact the request made to Qualys to retrieve policy information.

Table 1. Qualys PC Policies REST message parameters
Parameter Name	Value	Description
action	list	Indicates the type of operation requested. Required parameter.
details	All	Indicates the level of detail shown for policies retrieved. It is safe to modify as per your requirement.

Qualys PC Controls REST message

The Qualys PC Controls rest message retrieves compliance controls information for different control IDs from Qualys.

Table 2. Qualys PC Controls REST message parameters
Parameter Name	Value	Description
action	list	Indicates the type of operation requested. Required parameter.
details	All	Indicates the level of detail shown for controls retrieved. It is safe to modify as per your requirement.

Qualys PC Policies Detail REST message

The Qualys PC Policies Detail REST message retrieves the complete policy details, such as technologies and sections.

Table 3. Qualys PC Policies Detail REST message parameters
Parameter	Value	Description
action	list	Indicates the type of operation being requested. Required parameter.
show_user_controls	Boolean	Set to 1 to include user-defined controls (UDCs) in the XML output. When not specified, UDCs are not included. This is an optional parameter. It is safe to modify as per your requirement.
show_appendix	Boolean	(Optional) Set to 1 to show the appendix section in the XML output. When unspecified.

Qualys PC Results REST message

The Qualys PC Results rest message retrieves compliance posture records from Qualys.

Table 4. Qualys PC Results REST message parameters
Source Field	Value	Description
action	list	Indicates the type of operation requested. Required parameter. Changes are not recommended.
show_extended_evidence	Boolean	Set to 1 to show the extended evidence information in the output. Set to 0 or when unspecified, the extended evidence information is not shown in the output. Note: You cannot specify `show_extended_evidence=1` in the same request as `hide_evidence=1`. This results in an error. The extended evidence is a part of the evidence data and it’s shown only when evidence data is shown. This parameter is not shipped with the base system.
cause_of_failure	Boolean	If you pass '1', Qualys will return the cause of failure. If you pass '0', Qualys will not return these attributes. Note: This parameter is not shipped with the base system.
policy_id		Shows compliance posture information records for a specified policy. A valid policy ID is required.
details	All	Indicates the level of detail shown for postures retrieved. It is safe to modify as per your requirement.
show_remediation_info		(Optional) Set to 1 to show remediation information in the XML or CSV output. By default, the output does not include the remediation information. When not specified, the remediation information is not included in the output.

Qualys PCRS Policy Host Integration REST message

The Qualys PCRS Policy Host Integration retrieves host data from Qualys and processes it in your instance.

Table 5. Qualys PCRS Policy Host Integration REST message parameters
Parameter Name	Value	Description
policyId	${lastRunDatetime}	Policy IDs for compliance evaluation.

Qualys PCRS Test Results Integration

The table shows the request parameters that are sent.

Table 6. Qualys PCRS Test Results Integration REST message parameters
Parameter Name	Value	Description
evidenceRequired	${lastRunDatetime}	The default value is 0, which indicates that evidence data will not be retrieved for the host posture. Set the value to 1 to retrieve the evidence data. Note: Changing the value to 1 increases the time required to fetch posture data.
compressionRequired		The default value is 1, which indicates that the output will be compressed. Set the value to 0, if you don’t want the data to be compressed. Note: Not compressing the data increases the time required to fetch posture data.